Lucene search
K

11 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-0650

Malware in sbrugna...

8.1CVSS8AI score0.00714EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-15798

Malicious code in bioql PyPI...

8.7CVSS8.8AI score0.00642EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2025/05/19 9:54 p.m.21 views

OpenPGP.js's message signature verification can be spoofed

Impact A maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result while returning data that was not actually signed. This flaw allows signature verifications of inline non-detached signed messag...

8.7CVSS6.6AI score0.00642EPSS
Exploits0References8Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/19 6:57 p.m.12 views

CVE-2025-47934 OpenPGP.js's message signature verification can be spoofed

OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result...

8.7CVSS6.2AI score0.00642EPSS
Exploits0References5
CVE
CVE
added 2025/01/28 9:7 a.m.834 views

CVE-2024-23953

CVE-2024-23953 affects Apache Hive (LLAP); uses Arrays.equals() in LlapSignerImpl to compare signatures, introducing a timing discrepancy that can enable signature forgery by an authorized user. The issue stems from non-constant-time comparison, where mismatched bytes may reveal information throu...

6.5CVSS6.9AI score0.01131EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/12 9:29 p.m.31 views

whatsapp-api-js fails to validate message's signature

Impact Incorrect Access Control, anyone using the post or verifyRequestSignature methods to handle messages is impacted. Patches Patched in version 4.0.3. Workarounds It's possible to check the payload validation using the WhatsAppAPI.verifyRequestSignature and expect false when the signature is...

5.8CVSS6.8AI score0.14121EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2024/09/12 7:58 p.m.45 views

CVE-2024-45607 whatsapp-api-js fails to validate message's signature

whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework. It's possible to check the payload validation using the WhatsAppAPI.verifyRequestSignature and expect false when the signature is valid. Incorrect Access Control, anyone using the post or verifyRequestSignature...

5.8CVSS0.14121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:36 a.m.4 views

SUSE CVE-2017-17847

An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachmen...

7.5CVSS6.9AI score0.01196EPSS
Exploits0References3
Node.js
Node.js
added 2019/09/06 7:50 p.m.23 views

Message Signature Bypass

Overview Versions of openpgp prior to 4.2.0 are vulnerable to Message Signature Bypass. The package fails to verify that a message signature is of type text. This allows an attacker to to construct a message with a signature type that only verifies subpackets without additional input such as...

5CVSS1.7AI score0.02013EPSS
Exploits1Affected Software1
Github Security Blog
Github Security Blog
added 2019/08/23 9:42 p.m.21 views

Message Signature Bypass in openpgp

Versions of openpgp prior to 4.2.0 are vulnerable to Message Signature Bypass. The package fails to verify that a message signature is of type text. This allows an attacker to to construct a message with a signature type that only verifies subpackets without additional input such as standalone or...

7.5CVSS1.6AI score0.02013EPSS
Exploits1References10Affected Software1
OSV
OSV
added 2017/12/27 5:8 p.m.5 views

UBUNTU-CVE-2017-17847

An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachmen...

7.5CVSS7.1AI score0.01196EPSS
Exploits0References7
Rows per page
Query Builder